As modern business systems become increasingly connected, they become a valuable target for attackers trying to infiltrate and manipulate core processes of companies. At the same time, attackers are becoming more sophisticated in the manner in which traditional security measures are circumvented. Moreover, both social engineering and insider attacks may lead to a situation where valid system users may not be trusted. Application level intrusion detection systems hence become more and more important as an additional line of defense which alert administrators to unusual behavior in their systems.